A mathematical model for ascertaining same
ciphertext generated from distinct plaintext in
Michael O. Rabin Cryptosystem

Md. Shamim Hossain Biswas 

Abstract — The Michael O. Rabin cryptosystem can generate the same ciphertext from different plaintexts, as well as multiple plaintexts
from a single ciphertext. There are a number of techniques to reveal the original plaintext, but none of them can separate the same
ciphertext against each plaintext generated by modular reduction arithmetic. To answer the question of how one can distinguish a
particular ciphertext against each plaintext, I design a new mathematical model for identifying the same ciphertext against each plaintext;
it also facilitates message encryption and decryption. The proposed mathematical model is constructed from the quadratic root of a
quadratic residue, the quadratic quotient, the floor function and absolute value counting in order to identify the ciphertext against the
plaintext, in particular when the same residues are generated from multiple plaintexts by modular reduction arithmetic. The proposed
crypto intensive technique uses a symmetric key obtained with the Diffie-Hellman key exchange protocol. The advantage of the proposed
crypto intensive technique is that the intended receiver gets only one plain value, distinguishing the ciphertext against the plaintext.
The proposed crypto technique requires less time complexity and is probably secure against man-in-the-middle, chosen plaintext and
ciphertext attacks.

Index Terms — Michael O. Rabin's encryption and signature scheme, Diffie-Hellman key exchange protocol, modular arithmetic, Bezout's
coefficient, extended Euclidean algorithm, Chinese Remainder Theorem, polynomials, Legendre symbol, congruence,
ASCII code, floor and absolute value function.


1 Introduction 

Since the publications [1-2] in January (1976, 1979) by Michael O.
Rabin, a huge number of surveys have been carried out on Rabin's
cryptosystem to find out its efficiency and devise a new method for
real-life application. It was the first asymmetric cryptosystem in the
field of public-key cryptography. The security of Rabin's encryption
mechanism relies on prime integer factorization. It was not widely used
due to having some computational error, but its theoretical
significance is widespread. The encryption mechanism uses a quadratic
residue to produce the ciphertext, and decryption is accomplished by
computing two square roots and Bezout's coefficients using the extended
Euclidean algorithm, and combining them with the Chinese Remainder
Theorem. Similarly to the RSA and ElGamal cryptosystems, the Michael O.
Rabin cryptosystem is described in a ring under addition and
multiplication modulo a composite integer. One of the main
disadvantages is that decryption generates four results, and extra
effort is needed to sort out the right one out of the four
possibilities. In this paper I design a new crypto intensive technique
based on the Diffie-Hellman key exchange protocol [3], the concept of
square modular arithmetic from the Michael O. Rabin cryptosystem, the
floor function and the absolute value function. The symmetric key is
generated by the Diffie-Hellman key exchange protocol.

The sender Bob sends a pair of integers to Alice as the encrypted
text $C = (m^2 / K,\ m^2 \bmod K)$. After receiving it, Alice decrypts
the message as $D = |\sqrt{q \cdot k + r}|$ and gets only one desired
plaintext, unlike Rabin's cryptosystem, in which she gets four
different decryption results. The rest of the paper is organized as
follows. Section 1.1 gives an overview of the Michael O. Rabin
cryptosystem, Section 1.2 gives an overview of Rabin's signature
scheme, and Section 1.3 provides an overview of the Diffie-Hellman key
exchange protocol. Section 2 gives the literature review. Section 3
presents the proposed mathematical model, Section 3.1 the proposed
algorithm, and Section 3.2 a summary of the proposed mathematical
model. Section 3.3 shows comparisons. Finally, Sections 4 and 5 give
the conclusion and acknowledgement.

1.1 Overview of Rabin’s Cryptosystem [4] 

SUMMARY: 

Each entity creates a public key and a corresponding private 
key. Each entity A should do the following: 

1. Generate two large random (and distinct) primes p and 
q, each roughly the same size. 

2. Compute n = p q. 

3. A's public key is n; A's private key is (p, q). 

Algorithm for Rabin's public-key encryption 
SUMMARY: 

B encrypts a message m for A, which A decrypts.

1. Encryption. B should do the following: 

(a) Obtain A's authentic public key n. 

(b) Represent the message as an integer $m \in \{0, 1, \ldots, n-1\}$.

(c) Compute $c = m^2 \bmod n$.

(d) Send the cipher text c to A. 

Algorithm for Rabin public-key Decryption 
SUMMARY: 
To recover plaintext m from c, A should find the four square
roots $m_1$, $m_2$, $m_3$, and $m_4$ of c modulo n. The message sent was
either $m_1$, $m_2$, $m_3$, or $m_4$. A decides which of these is m by
checking the replicated bits.

1. Use the extended Euclidean algorithm to find integers
$Y_p$ and $Y_q$ satisfying $p \cdot Y_p + q \cdot Y_q = 1$.

2. Compute $M_p = c^{(p+1)/4} \bmod p$.

3. Compute $M_q = c^{(q+1)/4} \bmod q$.

4. Compute $x = (Y_p \cdot p \cdot M_q + Y_q \cdot q \cdot M_p) \bmod n$.

5. Compute $y = (Y_p \cdot p \cdot M_q - Y_q \cdot q \cdot M_p) \bmod n$.

6. The four square roots are $x$, $-x$, $y$ and $-y \bmod n$.

For example:

Key generation: Entity A chooses the primes p = 277, q = 331, and
computes n = p·q = 91687. A's public key is n = 91687, while A's
private key is (p = 277, q = 331).

Encryption:

Suppose that the last six bits of original messages are required
to be replicated prior to encryption. In order to encrypt the 10-bit
message m = 1001111001, B replicates the last six bits of m to
obtain the 16-bit message m = 1001111001111001, which in decimal
notation is m = 40569. B then computes $c = m^2 \bmod n =
40569^2 \bmod 91687 = 62111$ and sends this to A.

Decryption:

To decrypt c, A uses the aforesaid algorithm and her knowledge of
the factors of n to compute the four square roots of c mod n:
$m_1$ = 69654, $m_2$ = 22033, $m_3$ = 40569, $m_4$ = 51118, which in binary
are $m_1$ = 10001000000010110, $m_2$ = 101011000010001,
$m_3$ = 1001111001111001, $m_4$ = 1100011110101110. Since only $m_3$
has the required redundancy, A decrypts c to $m_3$ and recovers the
original message m = 1001111001.

1.2 Overview of Rabin’s Signature Scheme 

Rabin's cryptosystem is composed of key setup, encryption
and decryption.

Key generation step-1:

Alice chooses two random prime numbers P and Q and computes the
public key N = P*Q. She also picks a random integer b (0 < b < N),
publicizes (N, b) as her public key material, and keeps (P and Q) as
her private key.

Encryption step-2:

The sender Bob creates the ciphertext $C = m(m + b) \bmod N$. Here b
is used for security purposes only (0 < b < N).

Decryption step-3:

Alice solves the quadratic equation $m^2 - mb + c \equiv 0 \pmod N$
to decrypt the ciphertext. Decryption involves computing
square roots modulo N, that is, solving $m^2 \equiv a \pmod n$.
This is performed by solving $M_p = m^2 \equiv a \pmod p$ and
$M_q = m^2 \equiv a \pmod q$. Pick a random integer b in the range
0...p and compute the Legendre symbol $\left(\frac{b^2 - 4a}{p}\right)$,
i.e., $(b^2 - 4a)^{(p-1)/2} \bmod p$ with the result p - 1 replaced
by -1, until that is -1. Now set up the second-degree polynomial f
and then compute the polynomials $x^{(p+1)/2} \bmod f$ and
$x^{(q+1)/2} \bmod f$ using polynomial arithmetic modulo the
polynomial f. Compute Bezout's coefficients using the extended
Euclidean algorithm and combine these using the Chinese Remainder
Theorem, yielding four solutions in most cases, and pick the right
one in some way.

Example:

Step 1. Let the two random prime numbers be p = 41 and q = 53, so the
public key is N = p·q = 2173. The message is m = 92. The ciphertext is
$c = m^2 \bmod N = 1945$. Now compute $M_p = m^2 \equiv a \pmod p = 18$
and $M_q = m^2 \equiv a \pmod q = 37$.

Step 2. Choose a random b = 2 satisfying the condition
and set up a polynomial $f = x^2 - b \cdot x + M_p$ with coefficients
in $\mathbb{Z}_{41}$, that is $f = x^2 + 39x + 18$. Similarly, b = 4
satisfies the condition and gives the polynomial $f = x^2 + 49x + 37$
with coefficients in $\mathbb{Z}_{53}$; x is the variable of the
polynomial and has no particular value.

Step 3. Compute the polynomial $x^{(p+1)/2} \bmod f = x^{21} \bmod f$.
The binary representation of the exponent (21) is 10101, so
compute $x^2, x^4, x^5, x^{10}, x^{20}$ and finally $x^{21} \bmod f$ by
left-to-right binary exponentiation.

Computation of $x^2 \bmod f$, that is $x^2 - (x^2 + 39x + 18)$, that is
$2x + 23$.

Computation of $x^4 \bmod f$, that is $4x^2 + 10x + 37 - 4(x^2 + 39x + 18)$,
that is $18x + 6$.

Computation of $x^5 \bmod f$, that is $18x^2 + 6x - (x^2 + 39x + 18)$,
that is $x + 4$.

Computation of $x^{10} \bmod f$, that is $(x + 4)^2 \bmod f$, that is $10x + 39$.

Computation of $x^{20} \bmod f$, that is $(10x + 39)^2 \bmod f$, that is $37x + 8$.

Computation of $x^{21} \bmod f$, that is $37x^2 + 8x \bmod f$. Finally, the x
term has disappeared, leaving 31. Thus $m^2 \equiv a \pmod p$ has the
solution $M \in \{10, 31\} \pmod p$.

Step 4. Compute the polynomial $x^{(q+1)/2} \bmod f$, that is
$x^{27} \bmod f$, using polynomial arithmetic modulo the polynomial f.
The binary representation of the exponent (27) is 11011, so
compute $x^2, x^3, x^6, x^{12}, x^{13}, x^{26}$ and finally
$x^{27} \bmod f$ by left-to-right binary exponentiation, similarly to
the computation of Step 3. Solving $m^2 \equiv a \pmod q$ gives the
solution $M \in \{14, 39\} \pmod q$.

Step 5. Compute Bezout's coefficients using the extended
Euclidean algorithm; these are $Y_p = 22$, $Y_q = -17$.

Step 6. Compute $R_1 = (Y_p \cdot p \cdot M_{q1} + Y_q \cdot q \cdot M_{p1}) \bmod N = 728$,
$R_2 = -R_1 \bmod N = 1445$,
$R_3 = (Y_p \cdot p \cdot M_{q2} - Y_q \cdot q \cdot M_{p2}) \bmod N = 2081$,
$R_4 = -R_3 \bmod N = 92$. Hence, the potential results are m =
{728, 1445, 2081, 92} by applying the Chinese Remainder Theorem.
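
The decryption procedure of Sections 1.1 and 1.2, as an added Python example (not code from the paper), run on the page's worked values. The shortcut $c^{(p+1)/4} \bmod p$ of Section 1.1 is used when the prime is congruent to 3 modulo 4, and the polynomial method of Section 1.2 otherwise, which the page's own prime p = 277 needs because 277 ≡ 1 (mod 4). The function names and the ascending search for b are assumptions of this example.

```python
def egcd(a, b):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def sqrt_mod_prime(a, p, b=None):
    """One square root of a modulo an odd prime p."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        raise ValueError("a is not a quadratic residue modulo p")
    if p % 4 == 3 and b is None:
        return pow(a, (p + 1) // 4, p)   # shortcut of Section 1.1
    # Section 1.2: f = x^2 - b*x + a, with b^2 - 4a a non-residue mod p.
    def ok(v):
        return pow((v * v - 4 * a) % p, (p - 1) // 2, p) == p - 1
    if b is None:
        b = next(v for v in range(1, p) if ok(v))
    elif not ok(b):
        raise ValueError("b^2 - 4a must be a non-residue modulo p")
    def mul(u, v):                       # pairs (c0, c1) mean c0 + c1*x
        hi = u[1] * v[1]                 # x^2 coefficient; x^2 = b*x - a
        return ((u[0] * v[0] - hi * a) % p,
                (u[0] * v[1] + u[1] * v[0] + hi * b) % p)
    acc, base, e = (1, 0), (0, 1), (p + 1) // 2
    while e:                             # square-and-multiply mod f
        if e & 1:
            acc = mul(acc, base)
        base, e = mul(base, base), e >> 1
    assert acc[1] == 0                   # the x term vanishes
    return acc[0]

def rabin_roots(c, p, q):
    """The four square roots of c modulo n = p*q (steps 1 and 4-6)."""
    n = p * q
    g, yp, yq = egcd(p, q)               # yp*p + yq*q == 1
    if g != 1:
        raise ValueError("p and q must be distinct primes")
    mp, mq = sqrt_mod_prime(c, p), sqrt_mod_prime(c, q)
    x = (yp * p * mq + yq * q * mp) % n
    y = (yp * p * mq - yq * q * mp) % n
    return sorted({x, -x % n, y, -y % n})

def decrypt(c, p, q, bits=6, width=16):
    """Keep the root whose last `bits` bits repeat the `bits` before them."""
    mask = (1 << bits) - 1
    hits = [r for r in rabin_roots(c, p, q)
            if r < (1 << width) and (r & mask) == ((r >> bits) & mask)]
    if len(hits) != 1:
        raise ValueError("redundancy did not single out one root")
    return hits[0] >> bits               # strip the replicated bits
```

`decrypt` raises instead of guessing when the redundancy matches no root or more than one, which is the failure case the replicated bits are meant to make unlikely.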
1.3 Diffie-Hellman Key Exchange protocol [5]

The first published public-key algorithm appeared in the seminal
paper by Diffie and Hellman that defined public-key cryptography [8].
It is generally referred to as the Diffie-Hellman key exchange
protocol. A number of commercial products employ this key exchange
technique. The purpose of the algorithm is to enable two users to
securely exchange a key that can then be used for subsequent
encryption and decryption of messages. The algorithm itself is limited
to the exchange of secret values. The Diffie-Hellman algorithm depends
for its effectiveness on the difficulty of computing discrete
logarithms.

Global public elements: q is a prime number which can define a
domain, the so-called curve area or elliptic curve; $\alpha$ is a
primitive root of q such that $\alpha < q$.

Key generation for user A: Select private key $X_a$ such that
$X_a < q$. Calculate public key $Y_a = \alpha^{X_a} \bmod q$.

Key generation for user B: Select private key $X_b$ such that
$X_b < q$. Calculate public key $Y_b = \alpha^{X_b} \bmod q$.

Secret key for user A: $K = (Y_b)^{X_a} \bmod q$

Secret key for user B: $K = (Y_a)^{X_b} \bmod q$

Example:

An integer q = 353 is the domain size and its primitive root is
$\alpha = 3$. A and B select secret keys A = 97 and B = 233,
respectively.

Each of them computes a public key:

A computes $X = 3^{97} \bmod 353 = 40$.

B computes $Y = 3^{233} \bmod 353 = 248$.

They compute the secret key in the following ways by exchanging
public keys with each other.

A computes $K = Y^A \bmod 353 = 248^{97} \bmod 353 = 160$.

B computes $K = X^B \bmod 353 = 40^{233} \bmod 353 = 160$.

2. Literature Review

Many surveys have been dedicated to Rabin's cryptosystem. Recently,
various modifications of Rabin's cryptosystem have been published in
different scientific journals.

Hayder Raheem Hashim [6] proposed an updated methodology
that used three private keys instead of two. Consequently, eight
non-deterministic plaintexts are generated from one ciphertext. One of
them is the real plaintext. The advantage of this technique is that it
confuses the attacker, while it is very annoying to the receiver, as
extra effort is required to distinguish the original plaintext out of
eight texts.

Yahia Awad et al. [7] proposed a deterministic method depending
on the domain of Gaussian integers to select the right plaintext
among the four decryption results. The recipient can decide the
particular plaintext from the four possible decryption results by
selecting the obtained square root with redundancies in its imaginary
part (a + bi). This is the main benefit of using the Gaussian integer
technique. The disadvantage, on the other hand, is that the same
ciphertext can be generated from different plaintexts due to modular
reduction arithmetic. For example, for the four plaintexts (m) = {13,
20, 57, 64}, the ciphertext is the same, c = 15.

Manish Bhatt et al. [8] extended a deterministic technique by adding
duplicated bits at the beginning of the plaintext before encryption.
The added replicated bits are reflected within one decrypted text
among the four possible plaintexts. The annoying thing is the other
three false results, which add to time complexity and memory
complexity.

Masahiro Kaminaga et al. [9] discussed a fault attack technique
on modular exponentiation during Rabin's encryption, where a
complicated situation arose in message reconstruction when the message
and public key were not relatively prime. They also provided a
rigorous algorithm to handle message reconstruction.

Haytham Gani [10] performed a study of the Rabin and RSA
cryptosystems and provided insightful discussion. The computation
speeds of RSA and Rabin's cryptosystem were roughly the same.
Both algorithms' security relied on prime integer factorization.

Preeti Chandrakar [11] discussed a secure two-factor remote
authentication scheme using the Rabin cryptosystem. This
paper showed an extended usage of Rabin's cryptosystem.

Xue-dong DONG et al. [12] modified Rabin's cryptosystem using a
cubic residue technique which successfully removed the
long cherished inconsistency, the so-called four-to-one function in
Rabin's cryptosystem. But it was insecure against chosen
ciphertext attack, as was pointed out by the authors. Interestingly,
the novel method of computing a cubic root from a cubic residue
prohibited the revealing of the private key.
3. Proposed Mathematical model

3.1 Proposed Algorithm

Key Generation Algorithm:

$K = (Y_b)^{X_a} \bmod q$
$= (\alpha^{X_b} \bmod q)^{X_a} \bmod q$
$= (\alpha^{X_b})^{X_a} \bmod q$
$= \alpha^{X_b X_a} \bmod q$
$= (\alpha^{X_a})^{X_b} \bmod q$
$= (\alpha^{X_a} \bmod q)^{X_b} \bmod q$
$= (Y_a)^{X_b} \bmod q$

Encryption Algorithm:

$Q = \lfloor m^2 / K \rfloor$
$R = m^2 \bmod K$
$C = (Q, R)$

Decryption Algorithm:

$D = |\sqrt{Q \cdot K + R}|$

3.2 Summary of Proposed Mathematical Model

The proposed crypto technique ensures secure communication
between two parties. For example, at the initial stage Alice and
Bob create a shared secret key. In the second stage Bob chooses
a message A = 065 according to the ASCII - Binary Character Table
[13]. ASCII is a character encoding standard for electronic
communication. It represents text in computers, telecommunication
equipment and other devices. The following simplified snapshot of
ASCII codes is shown for explanatory purposes of the proposed crypto
intensive technique, although the total number of ASCII codes is 128.

Letter  ASCII Code  Binary      Letter  ASCII Code  Binary
a       097         01100001    A       065         01000001
b       098         01100010    B       066         01000010
c       099         01100011    C       067         01000011
d       100         01100100    D       068         01000100
e       101         01100101    E       069         01000101
f       102         01100110    F       070         01000110
g       103         01100111    G       071         01000111
h       104         01101000    H       072         01001000
i       105         01101001    I       073         01001001
j       106         01101010    J       074         01001010
k       107         01101011    K       075         01001011
l       108         01101100    L       076         01001100
m       109         01101101    M       077         01001101
n       110         01101110    N       078         01001110
o       111         01101111    O       079         01001111
p       112         01110000    P       080         01010000
q       113         01110001    Q       081         01010001
r       114         01110010    R       082         01010010
s       115         01110011    S       083         01010011
t       116         01110100    T       084         01010100
u       117         01110101    U       085         01010101
v       118         01110110    V       086         01010110
w       119         01110111    W       087         01010111
x       120         01111000    X       088         01011000
y       121         01111001    Y       089         01011001
z       122         01111010    Z       090         01011010

Then he encrypts the message as a pair of integers using the
shared secret key and sends it to Alice. Finally, Alice decrypts the
message. The following description describes the entire mathematical
process.


Step 1: Key generation

[Table: values known and unknown to Alice (Sender), Eve (Eavesdropper)
and Bob (Receiver)]

G = 5, P = 7, Q = 11

Alice computes $A = 5^{7} \bmod 113 = 42$.
Bob computes $B = 5^{11} \bmod 113 = 34$.

After swapping A and B:

Alice computes $K_a = 34^{7} \bmod 113 = 40$.
Bob computes $K_b = 42^{11} \bmod 113 = 40$.

$K_a = K_b = 40$

Step 2: Encryption

Bob encrypts the message and sends it to Alice.

$Q = \lfloor (065)^2 / 40 \rfloor = 105$
$R = (065)^2 \bmod 40 = 25$
$C = (105, 25)$

Step 3: Decryption

Alice receives the message and decrypts it by taking the square
root of the product (Q * Ka) plus the quadratic residue R. She
accepts only its absolute value as the plaintext.

$D = |\sqrt{105 \cdot 40 + 25}| = |\sqrt{4225}| = 065 = A$
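
The three steps above as an added Python example (not code from the paper), run on the paper's own numbers: G = 5, modulus 113, private keys 7 and 11, and the message A = 065. The function names are illustrative, and the decryption additionally rejects pairs for which Q·K + R is not a perfect square, a check the paper does not describe.

```python
from math import isqrt

def dh_public(g, q, x):
    """Public value g^x mod q for private key x."""
    return pow(g, x, q)

def shared_key(g, q, x_a, x_b):
    """Run both sides of the exchange; return (Y_a, Y_b, K_a, K_b)."""
    y_a, y_b = dh_public(g, q, x_a), dh_public(g, q, x_b)
    k_a = pow(y_b, x_a, q)      # computed by the holder of x_a
    k_b = pow(y_a, x_b, q)      # computed by the holder of x_b
    return y_a, y_b, k_a, k_b

def encrypt(m, k):
    """C = (Q, R) with Q = floor(m^2 / K) and R = m^2 mod K."""
    if m < 0 or k < 2:
        raise ValueError("need m >= 0 and K >= 2")
    return divmod(m * m, k)

def decrypt(c, k):
    """D = |sqrt(Q*K + R)|, rejecting pairs no plaintext can produce."""
    q, r = c
    if q < 0 or not 0 <= r < k:
        raise ValueError("Q or R out of range for this key")
    square = q * k + r
    root = isqrt(square)
    if root * root != square:
        raise ValueError("Q*K + R is not a perfect square")
    return root

def encrypt_text(text, k):
    """Encrypt each ASCII code of `text` as its own (Q, R) pair."""
    return [encrypt(code, k) for code in text.encode("ascii")]

def decrypt_text(pairs, k):
    """Invert encrypt_text with the same shared key."""
    return bytes(decrypt(c, k) for c in pairs).decode("ascii")

if __name__ == "__main__":
    y_a, y_b, k_a, k_b = shared_key(5, 113, 7, 11)   # values from Step 1
    pairs = encrypt_text("A", k_a)
    print(y_a, y_b, k_a, k_b, pairs, decrypt_text(pairs, k_b))
```

The same functions reproduce the modulus-77 pairs of Section 3.3, where 13, 20, 57 and 64 share R = 15 but get distinct Q. The key exchange in `shared_key` is unauthenticated, which is the man-in-the-middle exposure the conclusion mentions.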
3.3 Comparisons

The comparison between the proposed crypto technique and the
Michael O. Rabin cryptosystem is as follows.

Rabin's crypto scheme:

1. The ciphertext is a quadratic residue.
2. Decryption generates four plaintexts.
3. It uses an asymmetric key.
4. It is vulnerable against chosen ciphertext and plaintext attack.
5. Michael O. Rabin's encryption and signature scheme cannot identify
the same ciphertext generated from different plaintexts.
6. The Michael O. Rabin cryptosystem cannot identify the same
ciphertext against different plaintexts.

Proposed crypto technique:

1. The ciphertext is a pair of integers.
2. Decryption generates a single plaintext.
3. It uses a symmetric key.
4. It is not vulnerable against man in the middle attack, because
the key may be stolen but the computation scheme is unknown to the
adversary.
5. It is strong due to having the ability to distinguish the same
ciphertext uniquely generated from different plaintexts.
6. The proposed technique can identify the same ciphertext against
different plaintexts.

A disadvantage of Michael O. Rabin cryptosystem:

$C = 13^2 \bmod 77$
$C = 20^2 \bmod 77$
$C = 57^2 \bmod 77$
$C = 64^2 \bmod 77$

The same encryption result (15) is generated from four distinct
plaintexts M = {13, 20, 57, 64}; those results cannot be identified
separately by Michael O. Rabin's cryptosystem.

An advantage of proposed crypto technique:

$R = 13^2 \bmod 77$, $Q = \lfloor 13^2 / 77 \rfloor$, C = (2, 15)
$R = 20^2 \bmod 77$, $Q = \lfloor 20^2 / 77 \rfloor$, C = (5, 15)
$R = 57^2 \bmod 77$, $Q = \lfloor 57^2 / 77 \rfloor$, C = (42, 15)
$R = 64^2 \bmod 77$, $Q = \lfloor 64^2 / 77 \rfloor$, C = (53, 15)

The proposed crypto intensive technique can uniquely identify
each ciphertext against its plaintext.

4. Conclusion

The proposed crypto intensive mathematical technique is efficient
for solving the four-to-one mapping of ciphertext. Its objective is to
identify each ciphertext separately, because modular arithmetic
can generate the same ciphertext from different plaintexts. The
proposed model can efficiently identify each ciphertext separately
generated from modular reduction arithmetic, while Rabin's
cryptosystem fails. There is a security vulnerability in the symmetric
key generation stage, namely the man in the middle attack, because
it does not authenticate the participants. Even so, the proposed
scheme ensures security, as the computation procedure is unknown
to the adversary.